Feature #4238
closed
Protection from Brute Force Password Attacks
Added by Bryan Kearney over 10 years ago.
Updated about 6 years ago.
Description
The login screen should protect the users from a brute force password attack. This can handled by approaches such as:
1) Locking an account out after X many failed attempts.
2) Supporting an escalated delay between logins (first failed login delay 5 seconds, second 10, third 20, etc)
- Subject changed from [RFE] Protection from Brute Force Password Attacks to Protection from Brute Force Password Attacks
- Status changed from New to Ready For Testing
- Assignee set to Tomer Brisker
- Pull request https://github.com/theforeman/foreman/pull/4132 added
- Bugzilla link set to 1060745
- Status changed from Ready For Testing to New
- Assignee deleted (
Tomer Brisker)
- Status changed from New to Ready For Testing
- Assignee set to Tomer Brisker
- Translation missing: en.field_release set to 296
I just merged sane implementation: 5 minutes window for 30 logins, not configurable, uses Rails cache to store the data.
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
- Related to Refactor #22778: Allow admin to opt-out from the Brute-force attack protection added
Also available in: Atom
PDF
Updated by 
Updated by 
Updated by 
Updated by 
Updated by Anonymous